vyre-conform 0.1.0

Conformance suite for vyre backends — proves byte-identical output to CPU reference
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

//! Gauntlet runner — executes defendants against the target op's law set.
//!
//! Given a Defendant (a deliberately-wrong CPU reference) and the target
//! op's declared laws, the gauntlet runs the law checker against the
//! Defendant and records which laws fired violations. A Defendant
//! **escapes** when none of its declared `fails_laws` fingerprints
//! appear in the violation list — either the law checker is broken
//! (LAW 1) or the declared law set is too weak to notice the sabotage.
//!
//! A Defendant **is caught** when at least one of its declared
//! `fails_laws` fingerprints appears in the violation list. "Caught" is
//! the desired outcome for a Prosecutor: every Defendant must be
//! caught or the Prosecutor's suite is insufficient.
//!
//! The gauntlet also tracks **over-catches** — laws not in
//! `fails_laws` that nevertheless fired. Over-catches are INFORMATIONAL
//! — they signal that the sabotage was more aggressive than intended.
//! They are not failures.

use crate::adversarial::defender::{Defendant, DefendantCatalog};
use crate::pipeline::certify::CertificateStrength;
use crate::proof::algebra::checker::{verify_laws, verify_laws_witnessed};
use crate::spec::law::{canonical_law_id, AlgebraicLaw};
use crate::OpSpec;

/// The outcome of running one defendant against one op's law set.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct GauntletFinding {
    /// Defendant identifier.
    pub defendant_id: String,
    /// Target op id.
    pub target_op_id: String,
    /// Laws that fired a violation when checked against the defendant.
    pub laws_violated: Vec<String>,
    /// Laws that fired but were not in the defendant's `fails_laws` list.
    pub over_catches: Vec<String>,
    /// Laws declared in `fails_laws` that did NOT fire — the gap.
    pub escaped_laws: Vec<String>,
    /// True when the defendant disagreed with the target op at its concrete
    /// expected witness.
    pub witness_failed: bool,
    /// True when every declared `fails_laws` entry fired. False when one
    /// or more slipped past — the defendant escaped detection.
    pub caught: bool,
    /// Classification for findings that are not real defendant executions.
    pub status: GauntletStatus,
}

/// Classification for one gauntlet finding.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum GauntletStatus {
    /// The defendant was executed against a registered target op.
    Executed,
    /// The defendant entry is malformed and must be fixed before it can prove anything.
    Malformed {
        /// Actionable reason the defendant was rejected.
        reason: String,
    },
    /// The defendant catalog targets an op that is not registered in the supplied specs.
    SkippedMissingTarget,
    /// The defendant was caught but its sabotage trips too many undeclared laws.
    Imprecise {
        /// Actionable reason the defendant should be narrowed.
        reason: String,
    },
}

/// A full gauntlet run across every defendant for a set of op specs.
#[derive(Debug, Clone, Default)]
pub struct GauntletReport {
    /// Per-defendant findings.
    pub findings: Vec<GauntletFinding>,
}

impl GauntletReport {
    /// Defendants that escaped detection — the Prosecutor findings.
    #[inline]
    pub fn escaped(&self) -> Vec<&GauntletFinding> {
        self.findings
            .iter()
            .filter(|f| {
                !f.caught
                    && matches!(
                        f.status,
                        GauntletStatus::Executed | GauntletStatus::Imprecise { .. }
                    )
            })
            .collect()
    }

    /// Defendants that were caught.
    #[inline]
    pub fn caught(&self) -> Vec<&GauntletFinding> {
        self.findings.iter().filter(|f| f.caught).collect()
    }
}

/// Return every accepted fingerprint for a law.
///
/// The canonical custom-law id includes the predicate address so registry
/// drift can detect predicate substitution. Defender manifests are human-authored
/// TOML and still use the stable `custom(name)` target label, so gauntlet
/// matching accepts that legacy alias while preserving the stronger canonical id.
fn law_fingerprints(law: &AlgebraicLaw) -> Vec<String> {
    let mut fingerprints = vec![canonical_law_id(law)];
    if let AlgebraicLaw::Custom { name, .. } = law {
        fingerprints.push(format!("custom({name})"));
    }
    fingerprints
}

/// Run one defendant against the declared laws of its target op and
/// report the finding.
///
/// Backwards-compat shim for legacy callers — uses u8-exhaustive
/// verification (65k witnesses for binary ops). New callers should
/// prefer [`run_defendant_with_strength`] so that `Standard` and
/// `Legendary` runs scale up to 1M / 100M witnesses per law as the
/// persisted certificate promises.
#[inline]
pub fn run_defendant(
    defendant: &Defendant,
    spec_cpu_fn: fn(&[u8]) -> Vec<u8>,
    declared_laws: &[AlgebraicLaw],
    is_binary: bool,
) -> GauntletFinding {
    run_defendant_with_strength(
        defendant,
        spec_cpu_fn,
        declared_laws,
        is_binary,
        CertificateStrength::FastCheck,
    )
}

/// Run one defendant against the declared laws of its target op at the
/// given certificate strength. Per audit L.1.25: when the caller
/// requests `Standard` (1M) or `Legendary` (100M), the gauntlet must
/// honor that witness count instead of silently capping at u8
/// exhaustive (65k binary / 256 unary). Otherwise a mutated CPU
/// reference that passes u8-exhaustive but fails at wider u32 witnesses
/// would escape under a `Standard` run even though the certificate
/// promises 1M u32 witnesses were tried.
#[inline]
pub fn run_defendant_with_strength(
    defendant: &Defendant,
    spec_cpu_fn: fn(&[u8]) -> Vec<u8>,
    declared_laws: &[AlgebraicLaw],
    is_binary: bool,
    strength: CertificateStrength,
) -> GauntletFinding {
    let expected: Vec<String> = defendant
        .fails_laws
        .iter()
        .map(|s| (*s).to_string())
        .collect();
    if expected.is_empty() && defendant.expected_witness.is_empty() {
        return GauntletFinding {
            defendant_id: defendant.id.to_string(),
            target_op_id: defendant.target_op_id.to_string(),
            laws_violated: Vec::new(),
            over_catches: Vec::new(),
            escaped_laws: Vec::new(),
            witness_failed: false,
            caught: false,
            status: GauntletStatus::Malformed {
                reason: "defendant declares no fails_laws and no expected_witness. Fix: add at least one law fingerprint or concrete witness.".to_string(),
            },
        };
    }

    let checked_laws: Vec<AlgebraicLaw> = declared_laws.to_vec();

    // FastCheck runs the fast u8-exhaustive path (≤65k witnesses).
    // Standard/Legendary escalate to random u32 witnessed verification
    // so the persisted certificate's declared witness count is
    // actually sampled during the adversarial gauntlet.
    let results = if matches!(strength, CertificateStrength::FastCheck) {
        verify_laws(
            defendant.target_op_id,
            defendant.broken_fn,
            &checked_laws,
            is_binary,
        )
    } else {
        verify_laws_witnessed(
            defendant.target_op_id,
            defendant.broken_fn,
            &checked_laws,
            is_binary,
            strength.witness_count(),
        )
    };

    // Map each verified law back to its fingerprint so we can compare
    // against the defendant's `fails_laws` list.
    let mut violated_fingerprints: Vec<String> = Vec::new();
    for (law, result) in checked_laws.iter().zip(results.iter()) {
        if result.violation.is_some() {
            violated_fingerprints.extend(law_fingerprints(law));
        }
    }
    violated_fingerprints.sort();
    violated_fingerprints.dedup();

    let escaped_laws: Vec<String> = expected
        .iter()
        .filter(|e| !violated_fingerprints.contains(*e))
        .cloned()
        .collect();

    let over_catches: Vec<String> = violated_fingerprints
        .iter()
        .filter(|v| !expected.contains(v))
        .cloned()
        .collect();

    let witness_failed = defendant.expected_witness.iter().any(|(a, b)| {
        let mut input = Vec::with_capacity(if is_binary { 8 } else { 4 });
        input.extend_from_slice(&a.to_le_bytes());
        if is_binary {
            input.extend_from_slice(&b.to_le_bytes());
        }
        (defendant.broken_fn)(&input) != spec_cpu_fn(&input)
    });

    // A defendant is killed if its declared law violations fire or its
    // concrete witness differs from the real target CPU reference. The
    // witness path is important for operations whose current declared law
    // set is intentionally weak, such as a full-u32 bounded law.
    let caught = (!expected.is_empty() && escaped_laws.is_empty()) || witness_failed;

    let status = if over_catches.len() > expected.len().saturating_mul(2).max(2) {
        GauntletStatus::Imprecise {
            reason: format!(
                "defendant tripped {} undeclared laws for {} declared laws. Fix: narrow the sabotage or declare the additional targeted laws.",
                over_catches.len(),
                expected.len()
            ),
        }
    } else {
        GauntletStatus::Executed
    };

    GauntletFinding {
        defendant_id: defendant.id.to_string(),
        target_op_id: defendant.target_op_id.to_string(),
        laws_violated: violated_fingerprints,
        over_catches,
        escaped_laws,
        witness_failed,
        caught,
        status,
    }
}

/// Determine binary vs unary arity from the target op's signature, by
/// looking it up in the passed-in spec list. Caller provides the specs.
#[inline]
pub fn run_gauntlet(catalogs: &[DefendantCatalog], specs: &[OpSpec]) -> GauntletReport {
    let mut report = GauntletReport::default();

    for catalog in catalogs {
        let Some(spec) = specs.iter().find(|s| s.id == catalog.target_op_id) else {
            // Target op is not registered; record a skipped defendant
            // for each entry so the report is complete.
            for defendant in &catalog.defendants {
                report.findings.push(GauntletFinding {
                    defendant_id: defendant.id.to_string(),
                    target_op_id: defendant.target_op_id.to_string(),
                    laws_violated: Vec::new(),
                    over_catches: Vec::new(),
                    escaped_laws: defendant
                        .fails_laws
                        .iter()
                        .map(|s| (*s).to_string())
                        .collect(),
                    witness_failed: false,
                    caught: false,
                    status: GauntletStatus::SkippedMissingTarget,
                });
            }
            continue;
        };
        let is_binary = spec.signature.inputs.len() == 2;
        for defendant in &catalog.defendants {
            let finding = run_defendant(defendant, spec.cpu_fn, &spec.laws, is_binary);
            report.findings.push(finding);
        }
    }

    report
}